XWorm is a .NET-based Remote Access Trojan (RAT) that initially emerged in early 2022 and resurfaced in 2025 with enhanced capabilities and renewed activity in targeted cyberattacks. Designed to compromise Windows endpoints, XWorm is widely adopted by threat actors due to its modular design and low detection rates when obfuscated, making it a persistent threat […]

Artificial intelligence (AI) makes threat hunting in Wazuh more efficient and effective as it can process vast amounts of security data at high speeds. It can spot subtle patterns and anomalies that human analysts might miss. By leveraging AI in Wazuh threat hunting, security teams can be more efficient and focus their expertise where it’s […]

Recent articles have linked CVE-2025-24016, an old Wazuh server vulnerability, to botnet activity via remote code execution. This issue was fixed in October 2024 with version 4.9.1. Any instance running 4.9.1 or later is fully patched and secure. It’s also important to understand the nature of CVE-2025-24016. This is an authenticated vulnerability, meaning it can […]

Microsoft Hyper-V is a widely used virtualization platform in enterprise environments, powering everything from development labs to production workloads.

The Linux operating system is widely deployed across various systems, from embedded devices to cloud infrastructure. Its popular use makes it a frequent target for threat actors, increasing the importance of enforced security mechanisms. Linux uses the Discretionary Access Control (DAC) permission model by default. In this model, the owner of a file or process […]

A newly disclosed zero-day vulnerability, tracked as CVE-2025-4664, has recently been discovered to affect Google Chrome and Chromium web browsers on Windows and Linux endpoints, respectively. This vulnerability affects the Loader component of the browser, causing serious implications for cross-origin data protection, especially in environments that rely on Chrome’s referrer policies for safeguarding sensitive information. […]

FrigidStealer is an information-stealing malware that emerged in January 2025. It targets macOS endpoints to steal sensitive user data through deceptive tactics. Unlike traditional malware, FrigidStealer exploits user trust in routine software updates, making it particularly insidious. As a significant threat, it underscores the need for extended security measures on macOS endpoints. The malware’s financial […]

InvisibleFerret is a Python-based backdoor malware that affects both Windows and Linux endpoints. It is used in targeted campaigns by North Korean threat actors, particularly the notorious Lazarus Group. This malware is deployed through advanced social engineering tactics, often disguised as part of legitimate job recruitment processes. Threat actors impersonate recruiters, luring victims, primarily professionals […]

Persistence techniques refer to methods attackers or malicious software use to maintain access to a compromised endpoint even after reboots, logouts, or other interruptions. These techniques ensure that the malware or unauthorized user remains active and can continue to execute malicious activities without re-exploitation. Common Windows persistence techniques involve modifying startup scripts, abusing scheduled tasks […]

Medusa is a ransomware-as-a-service (RaaS) variant, first observed in June 2021. Its operators and affiliates have impacted over 300 organizations across multiple sectors, including healthcare, education, legal, insurance, technology, and manufacturing. The ransomware is primarily delivered through phishing campaigns and the exploitation of unpatched software vulnerabilities.

Supervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and controlling industrial processes. Rapid SCADA is an open source SCADA platform used for data acquisition, automation, and remote control in industrial and critical infrastructure systems. It can be deployed on Windows or Linux endpoints, making it a flexible solution for different environments. Like […]

Impacket is a collection of Python-based scripts designed for manipulating network protocols and exploiting Windows services. It contains several tools for remote service execution, Kerberos manipulation, Windows credential dumping, packet sniffing, and relay attacks.  Although Red teamers use Impacket for authorized testing, threat actors frequently misuse it for lateral movement, privilege escalation, and data exfiltration […]